2024-06-24 18:16:32 +01:00
// (c) Copyright 2024 Mercedes-Benz Tech Innovation GmbH
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
2018-07-19 17:42:25 +01:00
package gosec_test
2017-07-19 22:17:00 +01:00
import (
2019-04-30 15:57:32 +01:00
"errors"
2024-12-19 10:55:12 +00:00
"go/build"
2017-07-19 22:17:00 +01:00
"log"
2023-02-06 13:15:05 +00:00
"regexp"
2017-07-19 22:17:00 +01:00
"strings"
2022-01-03 17:11:35 +00:00
. "github.com/onsi/ginkgo/v2"
2017-07-19 22:17:00 +01:00
. "github.com/onsi/gomega"
2021-09-13 08:40:10 +01:00
"github.com/securego/gosec/v2"
2024-08-20 09:43:40 +01:00
"github.com/securego/gosec/v2/analyzers"
2021-09-13 08:40:10 +01:00
"github.com/securego/gosec/v2/rules"
2020-04-01 21:18:39 +01:00
"github.com/securego/gosec/v2/testutils"
2021-09-13 08:40:10 +01:00
"golang.org/x/tools/go/packages"
2017-07-19 22:17:00 +01:00
)
var _ = Describe ( "Analyzer" , func ( ) {
var (
2018-07-19 17:42:25 +01:00
analyzer * gosec . Analyzer
2018-04-20 00:45:04 +01:00
logger * log . Logger
buildTags [ ] string
2019-04-28 18:33:50 +01:00
tests bool
2017-07-19 22:17:00 +01:00
)
BeforeEach ( func ( ) {
2018-01-29 23:32:04 +00:00
logger , _ = testutils . NewLogger ( )
2022-02-16 17:23:37 +00:00
analyzer = gosec . NewAnalyzer ( nil , tests , false , false , 1 , logger )
2017-07-19 22:17:00 +01:00
} )
Context ( "when processing a package" , func ( ) {
2019-04-30 15:57:32 +01:00
It ( "should not report an error if the package contains no Go files" , func ( ) {
2021-12-09 10:53:36 +00:00
analyzer . LoadRules ( rules . Generate ( false ) . RulesInfo ( ) )
2024-12-16 09:40:43 +00:00
dir := GinkgoT ( ) . TempDir ( )
err := analyzer . Process ( buildTags , dir )
2019-04-30 15:57:32 +01:00
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
_ , _ , errors := analyzer . Report ( )
2023-04-04 07:52:59 +01:00
Expect ( errors ) . To ( BeEmpty ( ) )
2017-07-19 22:17:00 +01:00
} )
2019-04-30 15:57:32 +01:00
It ( "should report an error if the package fails to build" , func ( ) {
2021-12-09 10:53:36 +00:00
analyzer . LoadRules ( rules . Generate ( false ) . RulesInfo ( ) )
2017-07-19 22:17:00 +01:00
pkg := testutils . NewTestPackage ( )
defer pkg . Close ( )
pkg . AddFile ( "wonky.go" , ` func main() { println("forgot the package")} ` )
2019-04-28 21:30:08 +01:00
err := pkg . Build ( )
Expect ( err ) . Should ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , pkg . Path )
2019-04-30 15:57:32 +01:00
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
_ , _ , errors := analyzer . Report ( )
2023-04-04 07:52:59 +01:00
Expect ( errors ) . To ( HaveLen ( 1 ) )
2019-04-30 15:57:32 +01:00
for _ , ferr := range errors {
2023-04-04 07:52:59 +01:00
Expect ( ferr ) . To ( HaveLen ( 1 ) )
2019-04-30 15:57:32 +01:00
}
2017-07-19 22:17:00 +01:00
} )
2018-10-11 13:45:31 +01:00
It ( "should be able to analyze multiple Go files" , func ( ) {
2021-12-09 10:53:36 +00:00
analyzer . LoadRules ( rules . Generate ( false ) . RulesInfo ( ) )
2017-12-14 00:04:22 +00:00
pkg := testutils . NewTestPackage ( )
defer pkg . Close ( )
pkg . AddFile ( "foo.go" , `
package main
func main ( ) {
bar ( )
} ` )
pkg . AddFile ( "bar.go" , `
package main
func bar ( ) {
println ( "package has two files!" )
} ` )
2019-04-28 21:30:08 +01:00
err := pkg . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , pkg . Path )
2017-12-14 00:04:22 +00:00
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
2019-02-26 22:24:06 +00:00
_ , metrics , _ := analyzer . Report ( )
2017-12-14 00:04:22 +00:00
Expect ( metrics . NumFiles ) . To ( Equal ( 2 ) )
2018-01-07 23:02:33 +00:00
} )
2022-02-16 17:23:37 +00:00
It ( "should be able to analyze multiple Go files concurrently" , func ( ) {
customAnalyzer := gosec . NewAnalyzer ( nil , true , true , false , 32 , logger )
customAnalyzer . LoadRules ( rules . Generate ( false ) . RulesInfo ( ) )
pkg := testutils . NewTestPackage ( )
defer pkg . Close ( )
pkg . AddFile ( "foo.go" , `
package main
func main ( ) {
bar ( )
} ` )
pkg . AddFile ( "bar.go" , `
package main
func bar ( ) {
println ( "package has two files!" )
} ` )
err := pkg . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = customAnalyzer . Process ( buildTags , pkg . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
_ , metrics , _ := customAnalyzer . Report ( )
Expect ( metrics . NumFiles ) . To ( Equal ( 2 ) )
} )
2018-10-11 13:45:31 +01:00
It ( "should be able to analyze multiple Go packages" , func ( ) {
2021-12-09 10:53:36 +00:00
analyzer . LoadRules ( rules . Generate ( false ) . RulesInfo ( ) )
2018-01-07 23:02:33 +00:00
pkg1 := testutils . NewTestPackage ( )
pkg2 := testutils . NewTestPackage ( )
defer pkg1 . Close ( )
defer pkg2 . Close ( )
pkg1 . AddFile ( "foo.go" , `
package main
func main ( ) {
} ` )
pkg2 . AddFile ( "bar.go" , `
package main
func bar ( ) {
} ` )
2019-04-28 21:30:08 +01:00
err := pkg1 . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = pkg2 . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , pkg1 . Path , pkg2 . Path )
2018-01-07 23:02:33 +00:00
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
2019-02-26 22:24:06 +00:00
_ , metrics , _ := analyzer . Report ( )
2018-01-07 23:02:33 +00:00
Expect ( metrics . NumFiles ) . To ( Equal ( 2 ) )
2017-12-14 00:04:22 +00:00
} )
2017-07-19 22:17:00 +01:00
It ( "should find errors when nosec is not in use" , func ( ) {
sample := testutils . SampleCodeG401 [ 0 ]
2018-09-28 09:42:25 +01:00
source := sample . Code [ 0 ]
2021-12-09 10:53:36 +00:00
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G401" ) ) . RulesInfo ( ) )
2017-07-19 22:17:00 +01:00
controlPackage := testutils . NewTestPackage ( )
defer controlPackage . Close ( )
controlPackage . AddFile ( "md5.go" , source )
2019-04-28 21:30:08 +01:00
err := controlPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , controlPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
2019-02-26 22:24:06 +00:00
controlIssues , _ , _ := analyzer . Report ( )
2017-07-19 22:17:00 +01:00
Expect ( controlIssues ) . Should ( HaveLen ( sample . Errors ) )
} )
2024-06-20 12:02:59 +01:00
It ( "should find errors when nosec is not in use" , func ( ) {
sample := testutils . SampleCodeG405 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G405" ) ) . RulesInfo ( ) )
controlPackage := testutils . NewTestPackage ( )
defer controlPackage . Close ( )
controlPackage . AddFile ( "cipher.go" , source )
err := controlPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , controlPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
controlIssues , _ , _ := analyzer . Report ( )
Expect ( controlIssues ) . Should ( HaveLen ( sample . Errors ) )
} )
2024-06-24 18:16:32 +01:00
It ( "should find errors when nosec is not in use" , func ( ) {
sample := testutils . SampleCodeG406 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G406" ) ) . RulesInfo ( ) )
controlPackage := testutils . NewTestPackage ( )
defer controlPackage . Close ( )
controlPackage . AddFile ( "md4.go" , source )
err := controlPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , controlPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
controlIssues , _ , _ := analyzer . Report ( )
Expect ( controlIssues ) . Should ( HaveLen ( sample . Errors ) )
} )
2019-04-30 11:17:44 +01:00
It ( "should report Go build errors and invalid files" , func ( ) {
2021-12-09 10:53:36 +00:00
analyzer . LoadRules ( rules . Generate ( false ) . RulesInfo ( ) )
2019-02-26 22:24:06 +00:00
pkg := testutils . NewTestPackage ( )
defer pkg . Close ( )
pkg . AddFile ( "foo.go" , `
package main
func main ( )
} ` )
2019-04-28 21:30:08 +01:00
err := pkg . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , pkg . Path )
2019-02-26 22:24:06 +00:00
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
2019-04-30 11:17:44 +01:00
_ , _ , errors := analyzer . Report ( )
2023-02-06 13:15:05 +00:00
foundErr := false
2019-04-30 11:17:44 +01:00
for _ , ferr := range errors {
2023-04-04 07:52:59 +01:00
Expect ( ferr ) . To ( HaveLen ( 1 ) )
2023-02-06 13:15:05 +00:00
match , err := regexp . MatchString ( ferr [ 0 ] . Err , ` expected declaration, found '}' ` )
if ! match || err != nil {
continue
}
foundErr = true
2019-04-30 11:17:44 +01:00
Expect ( ferr [ 0 ] . Line ) . To ( Equal ( 4 ) )
Expect ( ferr [ 0 ] . Column ) . To ( Equal ( 5 ) )
Expect ( ferr [ 0 ] . Err ) . Should ( MatchRegexp ( ` expected declaration, found '}' ` ) )
2019-02-26 22:24:06 +00:00
}
2023-02-06 13:15:05 +00:00
Expect ( foundErr ) . To ( BeTrue ( ) )
2019-02-26 22:24:06 +00:00
} )
2021-12-13 16:45:47 +00:00
It ( "should not report errors when a nosec line comment is present" , func ( ) {
2017-07-19 22:17:00 +01:00
sample := testutils . SampleCodeG401 [ 0 ]
2018-09-28 09:42:25 +01:00
source := sample . Code [ 0 ]
2021-12-09 10:53:36 +00:00
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G401" ) ) . RulesInfo ( ) )
2017-07-19 22:17:00 +01:00
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
2021-12-15 18:31:14 +00:00
nosecSource := strings . Replace ( source , "h := md5.New()" , "h := md5.New() //#nosec" , 1 )
2017-07-19 22:17:00 +01:00
nosecPackage . AddFile ( "md5.go" , nosecSource )
2019-04-28 21:30:08 +01:00
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
2019-02-26 22:24:06 +00:00
nosecIssues , _ , _ := analyzer . Report ( )
2017-07-19 22:17:00 +01:00
Expect ( nosecIssues ) . Should ( BeEmpty ( ) )
} )
2017-10-05 22:32:03 +01:00
2024-06-20 12:02:59 +01:00
It ( "should not report errors when a nosec line comment is present" , func ( ) {
sample := testutils . SampleCodeG405 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G405" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "c, e := des.NewCipher([]byte(\"mySecret\"))" , "c, e := des.NewCipher([]byte(\"mySecret\")) //#nosec" , 1 )
nosecPackage . AddFile ( "cipher.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , _ , _ := analyzer . Report ( )
Expect ( nosecIssues ) . Should ( BeEmpty ( ) )
} )
2024-06-24 18:16:32 +01:00
It ( "should not report errors when a nosec line comment is present" , func ( ) {
sample := testutils . SampleCodeG406 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G406" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "h := md4.New()" , "h := md4.New() //#nosec" , 1 )
nosecPackage . AddFile ( "md4.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , _ , _ := analyzer . Report ( )
Expect ( nosecIssues ) . Should ( BeEmpty ( ) )
} )
2021-12-13 16:45:47 +00:00
It ( "should not report errors when a nosec block comment is present" , func ( ) {
sample := testutils . SampleCodeG401 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G401" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "h := md5.New()" , "h := md5.New() /* #nosec */" , 1 )
nosecPackage . AddFile ( "md5.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , _ , _ := analyzer . Report ( )
Expect ( nosecIssues ) . Should ( BeEmpty ( ) )
} )
2024-06-20 12:02:59 +01:00
It ( "should not report errors when a nosec block comment is present" , func ( ) {
sample := testutils . SampleCodeG405 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G405" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "c, e := des.NewCipher([]byte(\"mySecret\"))" , "c, e := des.NewCipher([]byte(\"mySecret\")) /* #nosec */" , 1 )
nosecPackage . AddFile ( "cipher.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , _ , _ := analyzer . Report ( )
Expect ( nosecIssues ) . Should ( BeEmpty ( ) )
} )
2024-06-24 18:16:32 +01:00
It ( "should not report errors when a nosec block comment is present" , func ( ) {
sample := testutils . SampleCodeG406 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G406" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "h := md4.New()" , "h := md4.New() /* #nosec */" , 1 )
nosecPackage . AddFile ( "md4.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , _ , _ := analyzer . Report ( )
Expect ( nosecIssues ) . Should ( BeEmpty ( ) )
} )
2017-10-05 22:32:03 +01:00
It ( "should not report errors when an exclude comment is present for the correct rule" , func ( ) {
// Rule for MD5 weak crypto usage
sample := testutils . SampleCodeG401 [ 0 ]
2018-09-28 09:42:25 +01:00
source := sample . Code [ 0 ]
2021-12-09 10:53:36 +00:00
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G401" ) ) . RulesInfo ( ) )
2017-10-05 22:32:03 +01:00
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
2021-12-15 18:31:14 +00:00
nosecSource := strings . Replace ( source , "h := md5.New()" , "h := md5.New() //#nosec G401" , 1 )
2017-10-05 22:32:03 +01:00
nosecPackage . AddFile ( "md5.go" , nosecSource )
2019-04-28 21:30:08 +01:00
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
2019-02-26 22:24:06 +00:00
nosecIssues , _ , _ := analyzer . Report ( )
2017-10-05 22:32:03 +01:00
Expect ( nosecIssues ) . Should ( BeEmpty ( ) )
} )
2024-06-20 12:02:59 +01:00
It ( "should not report errors when an exclude comment is present for the correct rule" , func ( ) {
// Rule for DES weak crypto usage
sample := testutils . SampleCodeG405 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G405" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "c, e := des.NewCipher([]byte(\"mySecret\"))" , "c, e := des.NewCipher([]byte(\"mySecret\")) //#nosec G405" , 1 )
nosecPackage . AddFile ( "cipher.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , _ , _ := analyzer . Report ( )
Expect ( nosecIssues ) . Should ( BeEmpty ( ) )
} )
2024-06-24 18:16:32 +01:00
It ( "should not report errors when an exclude comment is present for the correct rule" , func ( ) {
// Rule for MD4 deprecated weak crypto usage
sample := testutils . SampleCodeG406 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G406" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "h := md4.New()" , "h := md4.New() //#nosec G406" , 1 )
nosecPackage . AddFile ( "md4.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , _ , _ := analyzer . Report ( )
Expect ( nosecIssues ) . Should ( BeEmpty ( ) )
} )
2024-05-28 11:46:49 +01:00
It ( "should not report errors when a nosec block and line comment are present" , func ( ) {
sample := testutils . SampleCodeG101 [ 23 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G101" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecPackage . AddFile ( "g101.go" , source )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , _ , _ := analyzer . Report ( )
Expect ( nosecIssues ) . Should ( BeEmpty ( ) )
} )
It ( "should not report errors when only a nosec block is present" , func ( ) {
sample := testutils . SampleCodeG101 [ 24 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G101" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecPackage . AddFile ( "g101.go" , source )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , _ , _ := analyzer . Report ( )
Expect ( nosecIssues ) . Should ( BeEmpty ( ) )
} )
It ( "should not report errors when a single line nosec is present on a multi-line issue" , func ( ) {
sample := testutils . SampleCodeG112 [ 3 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G112" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecPackage . AddFile ( "g112.go" , source )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , _ , _ := analyzer . Report ( )
Expect ( nosecIssues ) . Should ( BeEmpty ( ) )
} )
2017-10-05 22:32:03 +01:00
It ( "should report errors when an exclude comment is present for a different rule" , func ( ) {
sample := testutils . SampleCodeG401 [ 0 ]
2018-09-28 09:42:25 +01:00
source := sample . Code [ 0 ]
2021-12-09 10:53:36 +00:00
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G401" ) ) . RulesInfo ( ) )
2017-10-05 22:32:03 +01:00
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
2021-12-15 18:31:14 +00:00
nosecSource := strings . Replace ( source , "h := md5.New()" , "h := md5.New() //#nosec G301" , 1 )
2017-10-05 22:32:03 +01:00
nosecPackage . AddFile ( "md5.go" , nosecSource )
2019-04-28 21:30:08 +01:00
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
2019-02-26 22:24:06 +00:00
nosecIssues , _ , _ := analyzer . Report ( )
2017-10-05 22:32:03 +01:00
Expect ( nosecIssues ) . Should ( HaveLen ( sample . Errors ) )
} )
2024-06-20 12:02:59 +01:00
It ( "should report errors when an exclude comment is present for a different rule" , func ( ) {
sample := testutils . SampleCodeG405 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G405" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "c, e := des.NewCipher([]byte(\"mySecret\"))" , "c, e := des.NewCipher([]byte(\"mySecret\")) //#nosec G301" , 1 )
nosecPackage . AddFile ( "cipher.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , _ , _ := analyzer . Report ( )
Expect ( nosecIssues ) . Should ( HaveLen ( sample . Errors ) )
} )
2024-06-24 18:16:32 +01:00
It ( "should report errors when an exclude comment is present for a different rule" , func ( ) {
sample := testutils . SampleCodeG406 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G406" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "h := md4.New()" , "h := md4.New() //#nosec G301" , 1 )
nosecPackage . AddFile ( "md4.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , _ , _ := analyzer . Report ( )
Expect ( nosecIssues ) . Should ( HaveLen ( sample . Errors ) )
} )
2017-10-05 22:32:03 +01:00
It ( "should not report errors when an exclude comment is present for multiple rules, including the correct rule" , func ( ) {
sample := testutils . SampleCodeG401 [ 0 ]
2018-09-28 09:42:25 +01:00
source := sample . Code [ 0 ]
2021-12-09 10:53:36 +00:00
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G401" ) ) . RulesInfo ( ) )
2017-10-05 22:32:03 +01:00
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
2021-12-15 18:31:14 +00:00
nosecSource := strings . Replace ( source , "h := md5.New()" , "h := md5.New() //#nosec G301 G401" , 1 )
2017-10-05 22:32:03 +01:00
nosecPackage . AddFile ( "md5.go" , nosecSource )
2019-04-28 21:30:08 +01:00
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
2019-02-26 22:24:06 +00:00
nosecIssues , _ , _ := analyzer . Report ( )
2017-10-05 22:32:03 +01:00
Expect ( nosecIssues ) . Should ( BeEmpty ( ) )
} )
2018-04-20 00:45:04 +01:00
2024-06-20 12:02:59 +01:00
It ( "should not report errors when an exclude comment is present for multiple rules, including the correct rule" , func ( ) {
sample := testutils . SampleCodeG405 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G405" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "c, e := des.NewCipher([]byte(\"mySecret\"))" , "c, e := des.NewCipher([]byte(\"mySecret\")) //#nosec G301 G405" , 1 )
nosecPackage . AddFile ( "cipher.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , _ , _ := analyzer . Report ( )
Expect ( nosecIssues ) . Should ( BeEmpty ( ) )
} )
2024-06-24 18:16:32 +01:00
It ( "should not report errors when an exclude comment is present for multiple rules, including the correct rule" , func ( ) {
sample := testutils . SampleCodeG406 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G406" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "h := md4.New()" , "h := md4.New() //#nosec G301 G406" , 1 )
nosecPackage . AddFile ( "md4.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , _ , _ := analyzer . Report ( )
Expect ( nosecIssues ) . Should ( BeEmpty ( ) )
} )
2018-04-20 00:45:04 +01:00
It ( "should pass the build tags" , func ( ) {
2020-05-20 16:17:44 +01:00
sample := testutils . SampleCodeBuildTag [ 0 ]
2018-09-28 09:42:25 +01:00
source := sample . Code [ 0 ]
2021-12-09 10:53:36 +00:00
analyzer . LoadRules ( rules . Generate ( false ) . RulesInfo ( ) )
2018-04-20 00:45:04 +01:00
pkg := testutils . NewTestPackage ( )
defer pkg . Close ( )
pkg . AddFile ( "tags.go" , source )
2019-04-30 15:57:32 +01:00
tags := [ ] string { "tag" }
err := analyzer . Process ( tags , pkg . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
2018-04-20 00:45:04 +01:00
} )
2019-04-30 09:21:16 +01:00
2019-04-30 10:09:57 +01:00
It ( "should process an empty package with test file" , func ( ) {
2021-12-09 10:53:36 +00:00
analyzer . LoadRules ( rules . Generate ( false ) . RulesInfo ( ) )
2019-04-30 09:21:16 +01:00
pkg := testutils . NewTestPackage ( )
defer pkg . Close ( )
pkg . AddFile ( "foo_test.go" , `
2019-04-30 16:14:26 +01:00
package tests
2019-04-30 09:21:16 +01:00
import "testing"
func TestFoo ( t * testing . T ) {
} ` )
err := pkg . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , pkg . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
} )
2019-04-30 12:53:22 +01:00
It ( "should be possible to overwrite nosec comments, and report issues" , func ( ) {
// Rule for MD5 weak crypto usage
sample := testutils . SampleCodeG401 [ 0 ]
source := sample . Code [ 0 ]
2017-07-19 22:17:00 +01:00
2019-04-30 12:53:22 +01:00
// overwrite nosec option
nosecIgnoreConfig := gosec . NewConfig ( )
nosecIgnoreConfig . SetGlobal ( gosec . Nosec , "true" )
2022-02-16 17:23:37 +00:00
customAnalyzer := gosec . NewAnalyzer ( nosecIgnoreConfig , tests , false , false , 1 , logger )
2021-12-09 10:53:36 +00:00
customAnalyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G401" ) ) . RulesInfo ( ) )
2019-04-28 21:30:08 +01:00
2019-04-30 12:53:22 +01:00
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
2021-12-15 18:31:14 +00:00
nosecSource := strings . Replace ( source , "h := md5.New()" , "h := md5.New() //#nosec" , 1 )
2019-04-30 12:53:22 +01:00
nosecPackage . AddFile ( "md5.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = customAnalyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , _ , _ := customAnalyzer . Report ( )
Expect ( nosecIssues ) . Should ( HaveLen ( sample . Errors ) )
} )
2024-06-20 12:02:59 +01:00
It ( "should be possible to overwrite nosec comments, and report issues" , func ( ) {
// Rule for DES weak crypto usage
sample := testutils . SampleCodeG405 [ 0 ]
source := sample . Code [ 0 ]
// overwrite nosec option
nosecIgnoreConfig := gosec . NewConfig ( )
nosecIgnoreConfig . SetGlobal ( gosec . Nosec , "true" )
customAnalyzer := gosec . NewAnalyzer ( nosecIgnoreConfig , tests , false , false , 1 , logger )
customAnalyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G405" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "c, e := des.NewCipher([]byte(\"mySecret\"))" , "c, e := des.NewCipher([]byte(\"mySecret\")) //#nosec" , 1 )
nosecPackage . AddFile ( "cipher.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = customAnalyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , _ , _ := customAnalyzer . Report ( )
Expect ( nosecIssues ) . Should ( HaveLen ( sample . Errors ) )
} )
2024-06-24 18:16:32 +01:00
It ( "should be possible to overwrite nosec comments, and report issues" , func ( ) {
// Rule for MD4 weak crypto usage
sample := testutils . SampleCodeG406 [ 0 ]
source := sample . Code [ 0 ]
// overwrite nosec option
nosecIgnoreConfig := gosec . NewConfig ( )
nosecIgnoreConfig . SetGlobal ( gosec . Nosec , "true" )
customAnalyzer := gosec . NewAnalyzer ( nosecIgnoreConfig , tests , false , false , 1 , logger )
customAnalyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G406" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "h := md4.New()" , "h := md4.New() //#nosec" , 1 )
nosecPackage . AddFile ( "md4.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = customAnalyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , _ , _ := customAnalyzer . Report ( )
Expect ( nosecIssues ) . Should ( HaveLen ( sample . Errors ) )
} )
2023-10-18 13:25:50 +01:00
It ( "should be possible to overwrite nosec comments, and report issues but they should not be counted" , func ( ) {
2021-08-18 12:00:38 +01:00
// Rule for MD5 weak crypto usage
sample := testutils . SampleCodeG401 [ 0 ]
source := sample . Code [ 0 ]
// overwrite nosec option
nosecIgnoreConfig := gosec . NewConfig ( )
2023-10-18 13:25:50 +01:00
nosecIgnoreConfig . SetGlobal ( gosec . Nosec , "mynosec" )
2021-08-18 12:00:38 +01:00
nosecIgnoreConfig . SetGlobal ( gosec . ShowIgnored , "true" )
2022-02-16 17:23:37 +00:00
customAnalyzer := gosec . NewAnalyzer ( nosecIgnoreConfig , tests , false , false , 1 , logger )
2021-12-09 10:53:36 +00:00
customAnalyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G401" ) ) . RulesInfo ( ) )
2021-08-18 12:00:38 +01:00
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
2023-10-18 13:25:50 +01:00
nosecSource := strings . Replace ( source , "h := md5.New()" , "h := md5.New() // #mynosec" , 1 )
2021-08-18 12:00:38 +01:00
nosecPackage . AddFile ( "md5.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = customAnalyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , metrics , _ := customAnalyzer . Report ( )
Expect ( nosecIssues ) . Should ( HaveLen ( sample . Errors ) )
Expect ( metrics . NumFound ) . Should ( Equal ( 0 ) )
Expect ( metrics . NumNosec ) . Should ( Equal ( 1 ) )
} )
2024-06-20 12:02:59 +01:00
It ( "should be possible to overwrite nosec comments, and report issues but they should not be counted" , func ( ) {
// Rule for DES weak crypto usage
sample := testutils . SampleCodeG405 [ 0 ]
source := sample . Code [ 0 ]
// overwrite nosec option
nosecIgnoreConfig := gosec . NewConfig ( )
nosecIgnoreConfig . SetGlobal ( gosec . Nosec , "mynosec" )
nosecIgnoreConfig . SetGlobal ( gosec . ShowIgnored , "true" )
customAnalyzer := gosec . NewAnalyzer ( nosecIgnoreConfig , tests , false , false , 1 , logger )
customAnalyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G405" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "c, e := des.NewCipher([]byte(\"mySecret\"))" , "c, e := des.NewCipher([]byte(\"mySecret\")) // #mynosec" , 1 )
nosecPackage . AddFile ( "cipher.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = customAnalyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , metrics , _ := customAnalyzer . Report ( )
Expect ( nosecIssues ) . Should ( HaveLen ( sample . Errors ) )
Expect ( metrics . NumFound ) . Should ( Equal ( 0 ) )
Expect ( metrics . NumNosec ) . Should ( Equal ( 1 ) )
} )
2024-06-24 18:16:32 +01:00
It ( "should be possible to overwrite nosec comments, and report issues but they should not be counted" , func ( ) {
// Rule for MD4 weak crypto usage
sample := testutils . SampleCodeG406 [ 0 ]
source := sample . Code [ 0 ]
// overwrite nosec option
nosecIgnoreConfig := gosec . NewConfig ( )
nosecIgnoreConfig . SetGlobal ( gosec . Nosec , "mynosec" )
nosecIgnoreConfig . SetGlobal ( gosec . ShowIgnored , "true" )
customAnalyzer := gosec . NewAnalyzer ( nosecIgnoreConfig , tests , false , false , 1 , logger )
customAnalyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G406" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "h := md4.New()" , "h := md4.New() // #mynosec" , 1 )
nosecPackage . AddFile ( "md4.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = customAnalyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , metrics , _ := customAnalyzer . Report ( )
Expect ( nosecIssues ) . Should ( HaveLen ( sample . Errors ) )
Expect ( metrics . NumFound ) . Should ( Equal ( 0 ) )
Expect ( metrics . NumNosec ) . Should ( Equal ( 1 ) )
} )
2022-01-03 15:48:42 +00:00
It ( "should not report errors when nosec tag is in front of a line" , func ( ) {
sample := testutils . SampleCodeG401 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G401" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "h := md5.New()" , "//Some description\n//#nosec G401\nh := md5.New()" , 1 )
nosecPackage . AddFile ( "md5.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , _ , _ := analyzer . Report ( )
Expect ( nosecIssues ) . Should ( BeEmpty ( ) )
} )
2024-06-20 12:02:59 +01:00
It ( "should not report errors when nosec tag is in front of a line" , func ( ) {
sample := testutils . SampleCodeG405 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G405" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "c, e := des.NewCipher([]byte(\"mySecret\"))" , "//Some description\n//#nosec G405\nc, e := des.NewCipher([]byte(\"mySecret\"))" , 1 )
nosecPackage . AddFile ( "cipher.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , _ , _ := analyzer . Report ( )
Expect ( nosecIssues ) . Should ( BeEmpty ( ) )
} )
2024-06-24 18:16:32 +01:00
It ( "should not report errors when nosec tag is in front of a line" , func ( ) {
sample := testutils . SampleCodeG406 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G406" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "h := md4.New()" , "//Some description\n//#nosec G406\nh := md4.New()" , 1 )
nosecPackage . AddFile ( "md4.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , _ , _ := analyzer . Report ( )
Expect ( nosecIssues ) . Should ( BeEmpty ( ) )
} )
2022-01-03 15:48:42 +00:00
It ( "should report errors when nosec tag is not in front of a line" , func ( ) {
sample := testutils . SampleCodeG401 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G401" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "h := md5.New()" , "//Some description\n//Another description #nosec G401\nh := md5.New()" , 1 )
nosecPackage . AddFile ( "md5.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , _ , _ := analyzer . Report ( )
Expect ( nosecIssues ) . Should ( HaveLen ( sample . Errors ) )
} )
2024-06-20 12:02:59 +01:00
It ( "should report errors when nosec tag is not in front of a line" , func ( ) {
sample := testutils . SampleCodeG405 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G405" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "c, e := des.NewCipher([]byte(\"mySecret\"))" , "//Some description\n//Another description #nosec G405\nc, e := des.NewCipher([]byte(\"mySecret\"))" , 1 )
nosecPackage . AddFile ( "cipher.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , _ , _ := analyzer . Report ( )
Expect ( nosecIssues ) . Should ( HaveLen ( sample . Errors ) )
} )
2024-06-24 18:16:32 +01:00
It ( "should report errors when nosec tag is not in front of a line" , func ( ) {
sample := testutils . SampleCodeG406 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G406" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "h := md4.New()" , "//Some description\n//Another description #nosec G406\nh := md4.New()" , 1 )
nosecPackage . AddFile ( "md4.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , _ , _ := analyzer . Report ( )
Expect ( nosecIssues ) . Should ( HaveLen ( sample . Errors ) )
} )
2022-01-03 15:48:42 +00:00
It ( "should not report errors when rules are in front of nosec tag even rules are wrong" , func ( ) {
sample := testutils . SampleCodeG401 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G401" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "h := md5.New()" , "//G301\n//#nosec\nh := md5.New()" , 1 )
nosecPackage . AddFile ( "md5.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , _ , _ := analyzer . Report ( )
Expect ( nosecIssues ) . Should ( BeEmpty ( ) )
} )
2024-06-20 12:02:59 +01:00
It ( "should not report errors when rules are in front of nosec tag even rules are wrong" , func ( ) {
sample := testutils . SampleCodeG405 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G405" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "c, e := des.NewCipher([]byte(\"mySecret\"))" , "//G301\n//#nosec\nc, e := des.NewCipher([]byte(\"mySecret\"))" , 1 )
nosecPackage . AddFile ( "cipher.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , _ , _ := analyzer . Report ( )
Expect ( nosecIssues ) . Should ( BeEmpty ( ) )
} )
2024-06-24 18:16:32 +01:00
It ( "should not report errors when rules are in front of nosec tag even rules are wrong" , func ( ) {
sample := testutils . SampleCodeG406 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G406" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "h := md4.New()" , "//G301\n//#nosec\nh := md4.New()" , 1 )
nosecPackage . AddFile ( "md4.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , _ , _ := analyzer . Report ( )
Expect ( nosecIssues ) . Should ( BeEmpty ( ) )
} )
2022-01-03 15:48:42 +00:00
It ( "should report errors when there are nosec tags after a #nosec WrongRuleList annotation" , func ( ) {
sample := testutils . SampleCodeG401 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G401" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "h := md5.New()" , "//#nosec\n//G301\n//#nosec\nh := md5.New()" , 1 )
nosecPackage . AddFile ( "md5.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , _ , _ := analyzer . Report ( )
Expect ( nosecIssues ) . Should ( HaveLen ( sample . Errors ) )
} )
2024-06-20 12:02:59 +01:00
It ( "should report errors when there are nosec tags after a #nosec WrongRuleList annotation" , func ( ) {
sample := testutils . SampleCodeG405 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G405" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "c, e := des.NewCipher([]byte(\"mySecret\"))" , "//#nosec\n//G301\n//#nosec\nc, e := des.NewCipher([]byte(\"mySecret\"))" , 1 )
nosecPackage . AddFile ( "cipher.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , _ , _ := analyzer . Report ( )
Expect ( nosecIssues ) . Should ( HaveLen ( sample . Errors ) )
} )
2024-06-24 18:16:32 +01:00
It ( "should report errors when there are nosec tags after a #nosec WrongRuleList annotation" , func ( ) {
sample := testutils . SampleCodeG406 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G406" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "h := md4.New()" , "//#nosec\n//G301\n//#nosec\nh := md4.New()" , 1 )
nosecPackage . AddFile ( "md4.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , _ , _ := analyzer . Report ( )
Expect ( nosecIssues ) . Should ( HaveLen ( sample . Errors ) )
} )
2020-01-06 08:47:28 +00:00
It ( "should be possible to use an alternative nosec tag" , func ( ) {
2019-09-04 09:20:43 +01:00
// Rule for MD5 weak crypto usage
sample := testutils . SampleCodeG401 [ 0 ]
source := sample . Code [ 0 ]
// overwrite nosec option
nosecIgnoreConfig := gosec . NewConfig ( )
2023-05-25 10:54:26 +01:00
nosecIgnoreConfig . SetGlobal ( gosec . NoSecAlternative , "falsePositive" )
2022-02-16 17:23:37 +00:00
customAnalyzer := gosec . NewAnalyzer ( nosecIgnoreConfig , tests , false , false , 1 , logger )
2021-12-09 10:53:36 +00:00
customAnalyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G401" ) ) . RulesInfo ( ) )
2019-09-04 09:20:43 +01:00
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "h := md5.New()" , "h := md5.New() // #falsePositive" , 1 )
nosecPackage . AddFile ( "md5.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = customAnalyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , _ , _ := customAnalyzer . Report ( )
2023-04-04 07:52:59 +01:00
Expect ( nosecIssues ) . Should ( BeEmpty ( ) )
2019-09-04 09:20:43 +01:00
} )
2024-06-20 12:02:59 +01:00
It ( "should be possible to use an alternative nosec tag" , func ( ) {
// Rule for DES weak crypto usage
sample := testutils . SampleCodeG405 [ 0 ]
source := sample . Code [ 0 ]
// overwrite nosec option
nosecIgnoreConfig := gosec . NewConfig ( )
nosecIgnoreConfig . SetGlobal ( gosec . NoSecAlternative , "falsePositive" )
customAnalyzer := gosec . NewAnalyzer ( nosecIgnoreConfig , tests , false , false , 1 , logger )
customAnalyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G405" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "c, e := des.NewCipher([]byte(\"mySecret\"))" , "c, e := des.NewCipher([]byte(\"mySecret\")) // #falsePositive" , 1 )
nosecPackage . AddFile ( "cipher.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = customAnalyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , _ , _ := customAnalyzer . Report ( )
Expect ( nosecIssues ) . Should ( BeEmpty ( ) )
} )
2024-06-24 18:16:32 +01:00
It ( "should be possible to use an alternative nosec tag" , func ( ) {
// Rule for MD4 deprecated weak crypto usage
sample := testutils . SampleCodeG406 [ 0 ]
source := sample . Code [ 0 ]
// overwrite nosec option
nosecIgnoreConfig := gosec . NewConfig ( )
nosecIgnoreConfig . SetGlobal ( gosec . NoSecAlternative , "falsePositive" )
customAnalyzer := gosec . NewAnalyzer ( nosecIgnoreConfig , tests , false , false , 1 , logger )
customAnalyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G406" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "h := md4.New()" , "h := md4.New() // #falsePositive" , 1 )
nosecPackage . AddFile ( "md4.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = customAnalyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , _ , _ := customAnalyzer . Report ( )
Expect ( nosecIssues ) . Should ( BeEmpty ( ) )
} )
2020-01-06 08:47:28 +00:00
It ( "should ignore vulnerabilities when the default tag is found" , func ( ) {
2019-09-04 09:20:43 +01:00
// Rule for MD5 weak crypto usage
sample := testutils . SampleCodeG401 [ 0 ]
source := sample . Code [ 0 ]
// overwrite nosec option
nosecIgnoreConfig := gosec . NewConfig ( )
2023-05-25 10:54:26 +01:00
nosecIgnoreConfig . SetGlobal ( gosec . NoSecAlternative , "falsePositive" )
2022-02-16 17:23:37 +00:00
customAnalyzer := gosec . NewAnalyzer ( nosecIgnoreConfig , tests , false , false , 1 , logger )
2021-12-09 10:53:36 +00:00
customAnalyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G401" ) ) . RulesInfo ( ) )
2019-09-04 09:20:43 +01:00
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
2021-12-15 18:31:14 +00:00
nosecSource := strings . Replace ( source , "h := md5.New()" , "h := md5.New() //#nosec" , 1 )
2019-09-04 09:20:43 +01:00
nosecPackage . AddFile ( "md5.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = customAnalyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , _ , _ := customAnalyzer . Report ( )
2023-04-04 07:52:59 +01:00
Expect ( nosecIssues ) . Should ( BeEmpty ( ) )
2019-09-04 09:20:43 +01:00
} )
2024-06-20 12:02:59 +01:00
It ( "should ignore vulnerabilities when the default tag is found" , func ( ) {
// Rule for DES weak crypto usage
sample := testutils . SampleCodeG405 [ 0 ]
source := sample . Code [ 0 ]
// overwrite nosec option
nosecIgnoreConfig := gosec . NewConfig ( )
nosecIgnoreConfig . SetGlobal ( gosec . NoSecAlternative , "falsePositive" )
customAnalyzer := gosec . NewAnalyzer ( nosecIgnoreConfig , tests , false , false , 1 , logger )
customAnalyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G405" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "c, e := des.NewCipher([]byte(\"mySecret\"))" , "c, e := des.NewCipher([]byte(\"mySecret\")) //#nosec" , 1 )
nosecPackage . AddFile ( "cipher.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = customAnalyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , _ , _ := customAnalyzer . Report ( )
Expect ( nosecIssues ) . Should ( BeEmpty ( ) )
} )
2024-06-24 18:16:32 +01:00
It ( "should ignore vulnerabilities when the default tag is found" , func ( ) {
// Rule for MD4 deprecated weak crypto usage
sample := testutils . SampleCodeG406 [ 0 ]
source := sample . Code [ 0 ]
// overwrite nosec option
nosecIgnoreConfig := gosec . NewConfig ( )
nosecIgnoreConfig . SetGlobal ( gosec . NoSecAlternative , "falsePositive" )
customAnalyzer := gosec . NewAnalyzer ( nosecIgnoreConfig , tests , false , false , 1 , logger )
customAnalyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G406" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "h := md4.New()" , "h := md4.New() //#nosec" , 1 )
nosecPackage . AddFile ( "md4.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = customAnalyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
nosecIssues , _ , _ := customAnalyzer . Report ( )
Expect ( nosecIssues ) . Should ( BeEmpty ( ) )
} )
2019-04-30 12:53:22 +01:00
It ( "should be able to analyze Go test package" , func ( ) {
2022-02-16 17:23:37 +00:00
customAnalyzer := gosec . NewAnalyzer ( nil , true , false , false , 1 , logger )
2021-12-09 10:53:36 +00:00
customAnalyzer . LoadRules ( rules . Generate ( false ) . RulesInfo ( ) )
2019-04-30 12:53:22 +01:00
pkg := testutils . NewTestPackage ( )
defer pkg . Close ( )
pkg . AddFile ( "foo.go" , `
2019-04-30 16:14:26 +01:00
package foo
func foo ( ) {
} ` )
2019-04-30 12:53:22 +01:00
pkg . AddFile ( "foo_test.go" , `
2019-04-30 16:14:26 +01:00
package foo_test
import "testing"
2019-05-17 14:35:46 +01:00
func test ( ) error {
return nil
}
2019-04-30 16:14:26 +01:00
func TestFoo ( t * testing . T ) {
2019-05-17 14:35:46 +01:00
test ( )
2019-04-30 16:14:26 +01:00
} ` )
2019-04-30 12:53:22 +01:00
err := pkg . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = customAnalyzer . Process ( buildTags , pkg . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
2019-05-17 14:35:46 +01:00
issues , _ , _ := customAnalyzer . Report ( )
Expect ( issues ) . Should ( HaveLen ( 1 ) )
2019-04-30 12:53:22 +01:00
} )
2023-11-30 16:42:44 +00:00
It ( "should be able to scan generated files if NOT excluded when using the rules" , func ( ) {
2022-02-16 17:23:37 +00:00
customAnalyzer := gosec . NewAnalyzer ( nil , true , false , false , 1 , logger )
2021-12-09 10:53:36 +00:00
customAnalyzer . LoadRules ( rules . Generate ( false ) . RulesInfo ( ) )
2021-08-04 16:33:20 +01:00
pkg := testutils . NewTestPackage ( )
defer pkg . Close ( )
pkg . AddFile ( "foo.go" , `
package foo
// Code generated some-generator DO NOT EDIT.
func test ( ) error {
return nil
}
func TestFoo ( t * testing . T ) {
test ( )
} ` )
err := pkg . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = customAnalyzer . Process ( buildTags , pkg . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
issues , _ , _ := customAnalyzer . Report ( )
Expect ( issues ) . Should ( HaveLen ( 1 ) )
} )
2023-11-30 16:42:44 +00:00
It ( "should be able to skip generated files if excluded when using the rules" , func ( ) {
2022-02-16 17:23:37 +00:00
customAnalyzer := gosec . NewAnalyzer ( nil , true , true , false , 1 , logger )
2021-12-09 10:53:36 +00:00
customAnalyzer . LoadRules ( rules . Generate ( false ) . RulesInfo ( ) )
2021-08-04 16:33:20 +01:00
pkg := testutils . NewTestPackage ( )
defer pkg . Close ( )
pkg . AddFile ( "foo.go" , `
// Code generated some-generator DO NOT EDIT.
2024-03-07 13:37:59 +00:00
package foo
2021-08-04 16:33:20 +01:00
func test ( ) error {
return nil
}
func TestFoo ( t * testing . T ) {
test ( )
} ` )
err := pkg . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = customAnalyzer . Process ( buildTags , pkg . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
issues , _ , _ := customAnalyzer . Report ( )
2023-04-04 07:52:59 +01:00
Expect ( issues ) . Should ( BeEmpty ( ) )
2021-08-04 16:33:20 +01:00
} )
2023-11-30 16:42:44 +00:00
It ( "should be able to scan generated files if NOT excluded when using the analyzes" , func ( ) {
customAnalyzer := gosec . NewAnalyzer ( nil , true , false , false , 1 , logger )
customAnalyzer . LoadRules ( rules . Generate ( false ) . RulesInfo ( ) )
2024-08-20 09:43:40 +01:00
customAnalyzer . LoadAnalyzers ( analyzers . Generate ( false ) . AnalyzersInfo ( ) )
2023-11-30 16:42:44 +00:00
pkg := testutils . NewTestPackage ( )
defer pkg . Close ( )
pkg . AddFile ( "foo.go" , `
package main
// Code generated some-generator DO NOT EDIT.
import (
"fmt"
)
func main ( ) {
values := [ ] string { }
fmt . Println ( values [ 0 ] )
} ` )
err := pkg . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = customAnalyzer . Process ( buildTags , pkg . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
issues , _ , _ := customAnalyzer . Report ( )
Expect ( issues ) . Should ( HaveLen ( 1 ) )
} )
It ( "should be able to skip generated files if excluded when using the analyzes" , func ( ) {
customAnalyzer := gosec . NewAnalyzer ( nil , true , true , false , 1 , logger )
customAnalyzer . LoadRules ( rules . Generate ( false ) . RulesInfo ( ) )
2024-08-20 09:43:40 +01:00
customAnalyzer . LoadAnalyzers ( analyzers . Generate ( false ) . AnalyzersInfo ( ) )
2023-11-30 16:42:44 +00:00
pkg := testutils . NewTestPackage ( )
defer pkg . Close ( )
pkg . AddFile ( "foo.go" , `
// Code generated some-generator DO NOT EDIT.
2024-03-07 13:37:59 +00:00
package main
2023-11-30 16:42:44 +00:00
import (
"fmt"
)
func main ( ) {
values := [ ] string { }
fmt . Println ( values [ 0 ] )
} ` )
err := pkg . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = customAnalyzer . Process ( buildTags , pkg . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
issues , _ , _ := customAnalyzer . Report ( )
Expect ( issues ) . Should ( BeEmpty ( ) )
} )
2019-04-30 12:53:22 +01:00
} )
2020-01-15 15:56:50 +00:00
It ( "should be able to analyze Cgo files" , func ( ) {
2021-12-09 10:53:36 +00:00
analyzer . LoadRules ( rules . Generate ( false ) . RulesInfo ( ) )
2020-01-15 15:56:50 +00:00
sample := testutils . SampleCodeCgo [ 0 ]
source := sample . Code [ 0 ]
testPackage := testutils . NewTestPackage ( )
defer testPackage . Close ( )
testPackage . AddFile ( "main.go" , source )
err := testPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , testPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
issues , _ , _ := analyzer . Report ( )
2023-04-04 07:52:59 +01:00
Expect ( issues ) . Should ( BeEmpty ( ) )
2020-01-15 15:56:50 +00:00
} )
2019-04-30 12:53:22 +01:00
Context ( "when parsing errors from a package" , func ( ) {
It ( "should return no error when the error list is empty" , func ( ) {
pkg := & packages . Package { }
err := analyzer . ParseErrors ( pkg )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
} )
It ( "should properly parse the errors" , func ( ) {
pkg := & packages . Package {
Errors : [ ] packages . Error {
2021-05-07 17:04:01 +01:00
{
2019-04-30 12:53:22 +01:00
Pos : "file:1:2" ,
Msg : "build error" ,
} ,
} ,
}
err := analyzer . ParseErrors ( pkg )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
_ , _ , errors := analyzer . Report ( )
2023-04-04 07:52:59 +01:00
Expect ( errors ) . To ( HaveLen ( 1 ) )
2019-04-30 12:53:22 +01:00
for _ , ferr := range errors {
2023-04-04 07:52:59 +01:00
Expect ( ferr ) . To ( HaveLen ( 1 ) )
2019-04-30 12:53:22 +01:00
Expect ( ferr [ 0 ] . Line ) . To ( Equal ( 1 ) )
Expect ( ferr [ 0 ] . Column ) . To ( Equal ( 2 ) )
Expect ( ferr [ 0 ] . Err ) . Should ( MatchRegexp ( ` build error ` ) )
}
} )
It ( "should properly parse the errors without line and column" , func ( ) {
pkg := & packages . Package {
Errors : [ ] packages . Error {
2021-05-07 17:04:01 +01:00
{
2019-04-30 12:53:22 +01:00
Pos : "file" ,
Msg : "build error" ,
} ,
} ,
}
err := analyzer . ParseErrors ( pkg )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
_ , _ , errors := analyzer . Report ( )
2023-04-04 07:52:59 +01:00
Expect ( errors ) . To ( HaveLen ( 1 ) )
2019-04-30 12:53:22 +01:00
for _ , ferr := range errors {
2023-04-04 07:52:59 +01:00
Expect ( ferr ) . To ( HaveLen ( 1 ) )
2019-04-30 12:53:22 +01:00
Expect ( ferr [ 0 ] . Line ) . To ( Equal ( 0 ) )
Expect ( ferr [ 0 ] . Column ) . To ( Equal ( 0 ) )
Expect ( ferr [ 0 ] . Err ) . Should ( MatchRegexp ( ` build error ` ) )
}
} )
It ( "should properly parse the errors without column" , func ( ) {
pkg := & packages . Package {
Errors : [ ] packages . Error {
2021-05-07 17:04:01 +01:00
{
2019-04-30 12:53:22 +01:00
Pos : "file" ,
Msg : "build error" ,
} ,
} ,
}
err := analyzer . ParseErrors ( pkg )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
_ , _ , errors := analyzer . Report ( )
2023-04-04 07:52:59 +01:00
Expect ( errors ) . To ( HaveLen ( 1 ) )
2019-04-30 12:53:22 +01:00
for _ , ferr := range errors {
2023-04-04 07:52:59 +01:00
Expect ( ferr ) . To ( HaveLen ( 1 ) )
2019-04-30 12:53:22 +01:00
Expect ( ferr [ 0 ] . Line ) . To ( Equal ( 0 ) )
Expect ( ferr [ 0 ] . Column ) . To ( Equal ( 0 ) )
Expect ( ferr [ 0 ] . Err ) . Should ( MatchRegexp ( ` build error ` ) )
}
} )
It ( "should return error when line cannot be parsed" , func ( ) {
pkg := & packages . Package {
Errors : [ ] packages . Error {
2021-05-07 17:04:01 +01:00
{
2019-04-30 12:53:22 +01:00
Pos : "file:line" ,
Msg : "build error" ,
} ,
} ,
}
err := analyzer . ParseErrors ( pkg )
Expect ( err ) . Should ( HaveOccurred ( ) )
} )
It ( "should return error when column cannot be parsed" , func ( ) {
pkg := & packages . Package {
Errors : [ ] packages . Error {
2021-05-07 17:04:01 +01:00
{
2019-04-30 12:53:22 +01:00
Pos : "file:1:column" ,
Msg : "build error" ,
} ,
} ,
}
err := analyzer . ParseErrors ( pkg )
Expect ( err ) . Should ( HaveOccurred ( ) )
} )
It ( "should append error to the same file" , func ( ) {
pkg := & packages . Package {
Errors : [ ] packages . Error {
2021-05-07 17:04:01 +01:00
{
2019-04-30 12:53:22 +01:00
Pos : "file:1:2" ,
Msg : "error1" ,
} ,
2021-05-07 17:04:01 +01:00
{
2019-04-30 12:53:22 +01:00
Pos : "file:3:4" ,
Msg : "error2" ,
} ,
} ,
}
err := analyzer . ParseErrors ( pkg )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
_ , _ , errors := analyzer . Report ( )
2023-04-04 07:52:59 +01:00
Expect ( errors ) . To ( HaveLen ( 1 ) )
2019-04-30 12:53:22 +01:00
for _ , ferr := range errors {
2023-04-04 07:52:59 +01:00
Expect ( ferr ) . To ( HaveLen ( 2 ) )
2019-04-30 12:53:22 +01:00
Expect ( ferr [ 0 ] . Line ) . To ( Equal ( 1 ) )
Expect ( ferr [ 0 ] . Column ) . To ( Equal ( 2 ) )
Expect ( ferr [ 0 ] . Err ) . Should ( MatchRegexp ( ` error1 ` ) )
Expect ( ferr [ 1 ] . Line ) . To ( Equal ( 3 ) )
Expect ( ferr [ 1 ] . Column ) . To ( Equal ( 4 ) )
Expect ( ferr [ 1 ] . Err ) . Should ( MatchRegexp ( ` error2 ` ) )
}
} )
2019-06-25 10:56:26 +01:00
It ( "should set the config" , func ( ) {
config := gosec . NewConfig ( )
config [ "test" ] = "test"
analyzer . SetConfig ( config )
found := analyzer . Config ( )
Expect ( config ) . To ( Equal ( found ) )
} )
It ( "should reset the analyzer" , func ( ) {
analyzer . Reset ( )
issues , metrics , errors := analyzer . Report ( )
Expect ( issues ) . To ( BeEmpty ( ) )
Expect ( * metrics ) . To ( Equal ( gosec . Metrics { } ) )
Expect ( errors ) . To ( BeEmpty ( ) )
} )
2019-04-28 21:30:08 +01:00
} )
2019-04-30 15:57:32 +01:00
Context ( "when appending errors" , func ( ) {
It ( "should skip error for non-buildable packages" , func ( ) {
2024-12-19 10:55:12 +00:00
err := & build . NoGoError {
Dir : "pkg/test" ,
}
analyzer . AppendError ( "test" , err )
2019-04-30 15:57:32 +01:00
_ , _ , errors := analyzer . Report ( )
2023-04-04 07:52:59 +01:00
Expect ( errors ) . To ( BeEmpty ( ) )
2019-04-30 15:57:32 +01:00
} )
It ( "should add a new error" , func ( ) {
pkg := & packages . Package {
Errors : [ ] packages . Error {
2021-05-07 17:04:01 +01:00
{
2019-04-30 15:57:32 +01:00
Pos : "file:1:2" ,
Msg : "build error" ,
} ,
} ,
}
err := analyzer . ParseErrors ( pkg )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
analyzer . AppendError ( "file" , errors . New ( "file build error" ) )
_ , _ , errors := analyzer . Report ( )
2023-04-04 07:52:59 +01:00
Expect ( errors ) . To ( HaveLen ( 1 ) )
2019-04-30 15:57:32 +01:00
for _ , ferr := range errors {
2023-04-04 07:52:59 +01:00
Expect ( ferr ) . To ( HaveLen ( 2 ) )
2019-04-30 15:57:32 +01:00
}
} )
} )
2021-12-09 10:53:36 +00:00
Context ( "when tracking suppressions" , func ( ) {
BeforeEach ( func ( ) {
2022-02-16 17:23:37 +00:00
analyzer = gosec . NewAnalyzer ( nil , tests , false , true , 1 , logger )
2021-12-09 10:53:36 +00:00
} )
It ( "should not report an error if the violation is suppressed" , func ( ) {
sample := testutils . SampleCodeG401 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G401" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
2021-12-15 18:31:14 +00:00
nosecSource := strings . Replace ( source , "h := md5.New()" , "h := md5.New() //#nosec G401 -- Justification" , 1 )
2021-12-09 10:53:36 +00:00
nosecPackage . AddFile ( "md5.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
issues , _ , _ := analyzer . Report ( )
2021-12-20 22:33:01 +00:00
Expect ( issues ) . To ( HaveLen ( sample . Errors ) )
2021-12-09 10:53:36 +00:00
Expect ( issues [ 0 ] . Suppressions ) . To ( HaveLen ( 1 ) )
Expect ( issues [ 0 ] . Suppressions [ 0 ] . Kind ) . To ( Equal ( "inSource" ) )
Expect ( issues [ 0 ] . Suppressions [ 0 ] . Justification ) . To ( Equal ( "Justification" ) )
} )
2024-06-20 12:02:59 +01:00
It ( "should not report an error if the violation is suppressed" , func ( ) {
sample := testutils . SampleCodeG405 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G405" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "c, e := des.NewCipher([]byte(\"mySecret\"))" , "c, e := des.NewCipher([]byte(\"mySecret\")) //#nosec G405 -- Justification" , 1 )
nosecPackage . AddFile ( "cipher.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
issues , _ , _ := analyzer . Report ( )
Expect ( issues ) . To ( HaveLen ( sample . Errors ) )
Expect ( issues [ 0 ] . Suppressions ) . To ( HaveLen ( 1 ) )
Expect ( issues [ 0 ] . Suppressions [ 0 ] . Kind ) . To ( Equal ( "inSource" ) )
Expect ( issues [ 0 ] . Suppressions [ 0 ] . Justification ) . To ( Equal ( "Justification" ) )
} )
2024-06-24 18:16:32 +01:00
It ( "should not report an error if the violation is suppressed" , func ( ) {
sample := testutils . SampleCodeG406 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G406" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "h := md4.New()" , "h := md4.New() //#nosec G406 -- Justification" , 1 )
nosecPackage . AddFile ( "md4.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
issues , _ , _ := analyzer . Report ( )
Expect ( issues ) . To ( HaveLen ( sample . Errors ) )
Expect ( issues [ 0 ] . Suppressions ) . To ( HaveLen ( 1 ) )
Expect ( issues [ 0 ] . Suppressions [ 0 ] . Kind ) . To ( Equal ( "inSource" ) )
Expect ( issues [ 0 ] . Suppressions [ 0 ] . Justification ) . To ( Equal ( "Justification" ) )
} )
2021-12-09 10:53:36 +00:00
It ( "should not report an error if the violation is suppressed without certain rules" , func ( ) {
sample := testutils . SampleCodeG401 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G401" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
2021-12-15 18:31:14 +00:00
nosecSource := strings . Replace ( source , "h := md5.New()" , "h := md5.New() //#nosec" , 1 )
2021-12-09 10:53:36 +00:00
nosecPackage . AddFile ( "md5.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
issues , _ , _ := analyzer . Report ( )
2021-12-20 22:33:01 +00:00
Expect ( issues ) . To ( HaveLen ( sample . Errors ) )
2021-12-09 10:53:36 +00:00
Expect ( issues [ 0 ] . Suppressions ) . To ( HaveLen ( 1 ) )
Expect ( issues [ 0 ] . Suppressions [ 0 ] . Kind ) . To ( Equal ( "inSource" ) )
Expect ( issues [ 0 ] . Suppressions [ 0 ] . Justification ) . To ( Equal ( "" ) )
} )
2024-06-20 12:02:59 +01:00
It ( "should not report an error if the violation is suppressed without certain rules" , func ( ) {
sample := testutils . SampleCodeG405 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G405" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "c, e := des.NewCipher([]byte(\"mySecret\"))" , "c, e := des.NewCipher([]byte(\"mySecret\")) //#nosec" , 1 )
nosecPackage . AddFile ( "cipher.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
issues , _ , _ := analyzer . Report ( )
Expect ( issues ) . To ( HaveLen ( sample . Errors ) )
Expect ( issues [ 0 ] . Suppressions ) . To ( HaveLen ( 1 ) )
Expect ( issues [ 0 ] . Suppressions [ 0 ] . Kind ) . To ( Equal ( "inSource" ) )
Expect ( issues [ 0 ] . Suppressions [ 0 ] . Justification ) . To ( Equal ( "" ) )
} )
2024-06-24 18:16:32 +01:00
It ( "should not report an error if the violation is suppressed without certain rules" , func ( ) {
sample := testutils . SampleCodeG406 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G406" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source , "h := md4.New()" , "h := md4.New() //#nosec" , 1 )
nosecPackage . AddFile ( "md4.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
issues , _ , _ := analyzer . Report ( )
Expect ( issues ) . To ( HaveLen ( sample . Errors ) )
Expect ( issues [ 0 ] . Suppressions ) . To ( HaveLen ( 1 ) )
Expect ( issues [ 0 ] . Suppressions [ 0 ] . Kind ) . To ( Equal ( "inSource" ) )
Expect ( issues [ 0 ] . Suppressions [ 0 ] . Justification ) . To ( Equal ( "" ) )
} )
2021-12-09 10:53:36 +00:00
It ( "should not report an error if the rule is not included" , func ( ) {
sample := testutils . SampleCodeG101 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( true , rules . NewRuleFilter ( false , "G401" ) ) . RulesInfo ( ) )
controlPackage := testutils . NewTestPackage ( )
defer controlPackage . Close ( )
controlPackage . AddFile ( "pwd.go" , source )
err := controlPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , controlPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
controlIssues , _ , _ := analyzer . Report ( )
Expect ( controlIssues ) . Should ( HaveLen ( sample . Errors ) )
Expect ( controlIssues [ 0 ] . Suppressions ) . To ( HaveLen ( 1 ) )
Expect ( controlIssues [ 0 ] . Suppressions [ 0 ] . Kind ) . To ( Equal ( "external" ) )
Expect ( controlIssues [ 0 ] . Suppressions [ 0 ] . Justification ) . To ( Equal ( "Globally suppressed." ) )
} )
It ( "should not report an error if the rule is excluded" , func ( ) {
sample := testutils . SampleCodeG101 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( true , rules . NewRuleFilter ( true , "G101" ) ) . RulesInfo ( ) )
controlPackage := testutils . NewTestPackage ( )
defer controlPackage . Close ( )
controlPackage . AddFile ( "pwd.go" , source )
err := controlPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , controlPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
issues , _ , _ := analyzer . Report ( )
Expect ( issues ) . Should ( HaveLen ( sample . Errors ) )
2024-08-20 09:43:40 +01:00
Expect ( issues [ 0 ] . Suppressions ) . To ( HaveLen ( 1 ) )
Expect ( issues [ 0 ] . Suppressions [ 0 ] . Kind ) . To ( Equal ( "external" ) )
Expect ( issues [ 0 ] . Suppressions [ 0 ] . Justification ) . To ( Equal ( "Globally suppressed." ) )
} )
2024-08-30 10:39:24 +01:00
It ( "should not report an error if the analyzer is not included" , func ( ) {
sample := testutils . SampleCodeG407 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadAnalyzers ( analyzers . Generate ( true , analyzers . NewAnalyzerFilter ( false , "G115" ) ) . AnalyzersInfo ( ) )
controlPackage := testutils . NewTestPackage ( )
defer controlPackage . Close ( )
controlPackage . AddFile ( "cipher.go" , source )
err := controlPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , controlPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
controlIssues , _ , _ := analyzer . Report ( )
Expect ( controlIssues ) . Should ( HaveLen ( sample . Errors ) )
Expect ( controlIssues [ 0 ] . Suppressions ) . To ( HaveLen ( 1 ) )
Expect ( controlIssues [ 0 ] . Suppressions [ 0 ] . Kind ) . To ( Equal ( "external" ) )
Expect ( controlIssues [ 0 ] . Suppressions [ 0 ] . Justification ) . To ( Equal ( "Globally suppressed." ) )
} )
It ( "should not report an error if the analyzer is excluded" , func ( ) {
sample := testutils . SampleCodeG407 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadAnalyzers ( analyzers . Generate ( true , analyzers . NewAnalyzerFilter ( true , "G407" ) ) . AnalyzersInfo ( ) )
controlPackage := testutils . NewTestPackage ( )
defer controlPackage . Close ( )
controlPackage . AddFile ( "cipher.go" , source )
err := controlPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , controlPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
issues , _ , _ := analyzer . Report ( )
Expect ( issues ) . Should ( HaveLen ( sample . Errors ) )
Expect ( issues [ 0 ] . Suppressions ) . To ( HaveLen ( 1 ) )
Expect ( issues [ 0 ] . Suppressions [ 0 ] . Kind ) . To ( Equal ( "external" ) )
Expect ( issues [ 0 ] . Suppressions [ 0 ] . Justification ) . To ( Equal ( "Globally suppressed." ) )
} )
2024-08-20 09:43:40 +01:00
It ( "should not report an error if the analyzer is not included" , func ( ) {
sample := testutils . SampleCodeG602 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadAnalyzers ( analyzers . Generate ( true , analyzers . NewAnalyzerFilter ( false , "G115" ) ) . AnalyzersInfo ( ) )
controlPackage := testutils . NewTestPackage ( )
defer controlPackage . Close ( )
controlPackage . AddFile ( "cipher.go" , source )
err := controlPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , controlPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
controlIssues , _ , _ := analyzer . Report ( )
Expect ( controlIssues ) . Should ( HaveLen ( sample . Errors ) )
Expect ( controlIssues [ 0 ] . Suppressions ) . To ( HaveLen ( 1 ) )
Expect ( controlIssues [ 0 ] . Suppressions [ 0 ] . Kind ) . To ( Equal ( "external" ) )
Expect ( controlIssues [ 0 ] . Suppressions [ 0 ] . Justification ) . To ( Equal ( "Globally suppressed." ) )
} )
It ( "should not report an error if the analyzer is excluded" , func ( ) {
sample := testutils . SampleCodeG602 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadAnalyzers ( analyzers . Generate ( true , analyzers . NewAnalyzerFilter ( true , "G602" ) ) . AnalyzersInfo ( ) )
controlPackage := testutils . NewTestPackage ( )
defer controlPackage . Close ( )
controlPackage . AddFile ( "cipher.go" , source )
err := controlPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , controlPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
issues , _ , _ := analyzer . Report ( )
Expect ( issues ) . Should ( HaveLen ( sample . Errors ) )
2021-12-09 10:53:36 +00:00
Expect ( issues [ 0 ] . Suppressions ) . To ( HaveLen ( 1 ) )
Expect ( issues [ 0 ] . Suppressions [ 0 ] . Kind ) . To ( Equal ( "external" ) )
Expect ( issues [ 0 ] . Suppressions [ 0 ] . Justification ) . To ( Equal ( "Globally suppressed." ) )
} )
It ( "should track multiple suppressions if the violation is multiply suppressed" , func ( ) {
sample := testutils . SampleCodeG101 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( true , rules . NewRuleFilter ( true , "G101" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
2023-10-13 13:04:21 +01:00
nosecSource := strings . Replace ( source , "password := \"f62e5bcda4fae4f82370da0c6f20697b8f8447ef\"" , "password := \"f62e5bcda4fae4f82370da0c6f20697b8f8447ef\" //#nosec G101 -- Justification" , 1 )
2021-12-09 10:53:36 +00:00
nosecPackage . AddFile ( "pwd.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
issues , _ , _ := analyzer . Report ( )
Expect ( issues ) . Should ( HaveLen ( sample . Errors ) )
Expect ( issues [ 0 ] . Suppressions ) . To ( HaveLen ( 2 ) )
} )
2023-10-18 10:31:54 +01:00
It ( "should not report an error if the violation is suppressed on a struct filed" , func ( ) {
sample := testutils . SampleCodeG402 [ 0 ]
source := sample . Code [ 0 ]
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G402" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecSource := strings . Replace ( source ,
"TLSClientConfig: &tls.Config{InsecureSkipVerify: true}" ,
"TLSClientConfig: &tls.Config{InsecureSkipVerify: true} // #nosec G402" , 1 )
nosecPackage . AddFile ( "tls.go" , nosecSource )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
issues , _ , _ := analyzer . Report ( )
Expect ( issues ) . To ( HaveLen ( sample . Errors ) )
Expect ( issues [ 0 ] . Suppressions ) . To ( HaveLen ( 1 ) )
Expect ( issues [ 0 ] . Suppressions [ 0 ] . Kind ) . To ( Equal ( "inSource" ) )
} )
It ( "should not report an error if the violation is suppressed on multi-lien issue" , func ( ) {
source := `
package main
import (
"fmt"
)
const TokenLabel = `
source += "`" + `
f62e5bcda4fae4f82370da0c6f20697b8f8447ef
` + " ` " + " //#nosec G101 -- false positive, this is not a private data" + `
func main ( ) {
fmt . Printf ( "Label: %s " , TokenLabel )
}
`
analyzer . LoadRules ( rules . Generate ( false , rules . NewRuleFilter ( false , "G101" ) ) . RulesInfo ( ) )
nosecPackage := testutils . NewTestPackage ( )
defer nosecPackage . Close ( )
nosecPackage . AddFile ( "pwd.go" , source )
err := nosecPackage . Build ( )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
err = analyzer . Process ( buildTags , nosecPackage . Path )
Expect ( err ) . ShouldNot ( HaveOccurred ( ) )
issues , _ , _ := analyzer . Report ( )
Expect ( issues ) . To ( HaveLen ( 1 ) )
Expect ( issues [ 0 ] . Suppressions ) . To ( HaveLen ( 1 ) )
Expect ( issues [ 0 ] . Suppressions [ 0 ] . Kind ) . To ( Equal ( "inSource" ) )
Expect ( issues [ 0 ] . Suppressions [ 0 ] . Justification ) . To ( Equal ( "false positive, this is not a private data" ) )
} )
2021-12-09 10:53:36 +00:00
} )
2017-07-19 22:17:00 +01:00
} )